<?php
// Start Session
session_start();
require_once('Authorizer.php');
require_once('DBConfigQuery.php');
require_once('GenFunctions.php');
require_once('../config.inc.php');
require_once('../Validation.php');


if (isset($_POST['EditCreateMember'])) {
    session_write_close();
    if (isset($_SESSION['FORMS']['FormEditMember']))
    {
        $memberIdentification = $_SESSION['FORMS']['FormEditMember']['MemberId'];
        unset ($_SESSION['FORMS']['FormEditMember']);
        header('Location: AdminMemberEditUser.php?membid=' . $memberIdentification );
    }
    else
    {
        header('Location: AdminMemberEdit.php');
    }
    exit();
}

// TODO VALIDATE THE INFO BEFORE THIS SCRIPT...
//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = FALSE;

// TODO VALIDATE THE INFO BASED ON VALIDATION.PHP/Validation Functions
//Sanitize the POST values
$fname = clean($_POST['fname'], $dbc);
$lname = clean($_POST['lname'], $dbc);

$email = clean($_POST['email'], $dbc);
$login = clean($_POST['login'], $dbc);
$password = clean($_POST['password'], $dbc);

$cphone = clean($_POST['cphone'], $dbc);
$hphone = clean($_POST['hphone'], $dbc);
$ophone = clean($_POST['ophone'], $dbc);

$profession = clean($_POST['profession'], $dbc);
$education = clean($_POST['education'], $dbc);
$family = clean($_POST['family'], $dbc);
$associations = clean($_POST['associations'], $dbc);
$interests = clean($_POST['interests'], $dbc);
$statusAorI = $_POST['status'] == 'Inactive' ? 'I' : 'A';


//Check for duplicate login ID
if ( ($login != '') && ($login != $_SESSION['FORMS']['FormEditMember']['MemberId']) ) {
    $q = sprintf($Q_ALL_Member, $login);
    $r = mysqli_query($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));

    if ($r) {
        if (mysqli_num_rows($r) > 0) {
            $errmsg_arr[] = 'Username already exists. Must be different to ' . $login;
            $errflag = true;
        }
        mysqli_free_result($r);
    } else {
        // Free DB
        mysqli_close($dbc);
        die("Query failed");
    }
}

//Check for duplicate login ID
if ($email != '' && ($email != $_SESSION['FORMS']['FormEditMember']['Email'])) {
    $q = sprintf($Q_ALL_Email, $email);
    $r = mysqli_query($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));

    if ($r) {
        if (mysqli_num_rows($r) > 0) {
            $errmsg_arr[] = 'Email already exists for another user. Must be different to ' . $email;
            $errflag = true;
        }
        mysqli_free_result($r);
    } else {
        // Free DB
        mysqli_close($dbc);
        die("Query failed");
    }
}

//If Input Errors, Redirect MemberCreatePage
if ($errflag) {
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    $_SESSION['FORMS']['FormCreateMember'] = $_POST;
    session_write_close();
    header('Location: AdminMemberCreate.php');
    exit();
}

$q = NULL;

if ( empty ($password) ) {
    // Insert the information without password
    $q = sprintf($U_None_User_NOPassw, $login, $fname, $lname, $hphone, $ophone,
                                    $cphone, $email, $profession, $education, $family,
                                    $associations, $interests, $statusAorI, $_SESSION['FORMS']['FormEditMember']['MemberId'] );
} 
else {
    // Insert the information with password
    $q = sprintf($U_None_User_Passw, $login, $password, $fname, $lname, $hphone, $ophone,
                                    $cphone, $email, $profession, $education, $family,
                                    $associations, $interests, $statusAorI, $_SESSION['FORMS']['FormEditMember']['MemberId'] );
}

// Execute Query
$r = mysqli_query($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));

//Check whether the query was successful or not
if ($r) {
    mysqli_close($dbc);
    session_write_close();
    header("Location: AdminMemberEditSuccess.php");
    exit();
} else {
    // Free DB
    mysqli_close($dbc);
    die("Query failed");
}
?>